using spamhaus droplist with sa ?
Hello, http://www.spamhaus.org/faq/answers.lasso?section=DROP FAQ mention as very last point to use the Spamhaus Drop list with SA. is anybody doing this and can explain it in detail ? Thanks Andreas
Re: using spamhaus droplist with sa ?
On 2011-02-17 15:23, Andreas Schulze wrote: Hello, http://www.spamhaus.org/faq/answers.lasso?section=DROP FAQ mention as very last point to use the Spamhaus Drop list with SA. is anybody doing this and can explain it in detail ? Thanks Andreas "DROP is a tiny subset of the SBL designed for use by firewalls and routing equipment." Using it postqueue is pretty pointless as its basically a "safe" subset of SBL
Another URL shortening site for the DecodeShortURLs plugin
I just got spam with a short URL http://www.zoodl.com/19714 in it. www.zoodl.com isn't in DecodeShortURLs.cf so its maintainer may want to add it. Martin
[Q] Adjusting Rule Scores - Which file?
Hi, I am interested in raising the score for the rule RDNS_DYNAMIC. However, I cannot find it in any of the files under /etc/spamassassin. I thought that it would be listed somewhere in this directory. In which file is this located? * Why do I want to raise the bar for RDNS_DYNAMIC? I won't use the pbl from spamhaus, nor other expressions that reject email sent from dynamic address ranges. I think if someone [hobbyist] wishes to run his own server and not pay for a static address, then I won't block email from them. However, I would like to add some extra points for sending from one. 99% of spam received here from the dynamic ranges get blocked by postfix for numerous reasons; Some being an invalid rcpt email, some Subjects, RFC compliance, and so on). Regards, S
Re: [Q] Adjusting Rule Scores - Which file?
On 2/17/2011 10:28 AM, J4K wrote: > > Hi, > > I am interested in raising the score for the rule RDNS_DYNAMIC. > However, I cannot find it in any of the files under /etc/spamassassin. > I thought that it would be listed somewhere in this directory. In which > file is this located? > > * Why do I want to raise the bar for RDNS_DYNAMIC? > I won't use the pbl from spamhaus, nor other expressions that reject > email sent from dynamic address ranges. I think if someone [hobbyist] > wishes to run his own server and not pay for a static address, then I > won't block email from them. However, I would like to add some extra > points for sending from one. 99% of spam received here from the dynamic > ranges get blocked by postfix for numerous reasons; Some being an > invalid rcpt email, some Subjects, RFC compliance, and so on). The stock rules are under /var/lib/spamassassin/3.003001 (or whichever version you have). But don't make changes there, or they will be lost the next time you run sa-update. Instead, add your changes to the local.cf file in your local rules directory (/etc/mail/spamassassin on my system), or create a new cf file to hold your changes. To change the score for RDNS_DYNAMIC, add the following line: score RDNS_DYNAMIC 1.0 Since this directory is read after the main rule directory, anything you put here will override the stock rules. -- Bowie
Re: using spamhaus droplist with sa ?
On Thu, 17 Feb 2011 15:29:07 +0100 Yet Another Ninja wrote: > On 2011-02-17 15:23, Andreas Schulze wrote: > > Hello, > > > > http://www.spamhaus.org/faq/answers.lasso?section=DROP FAQ > > mention as very last point to use the Spamhaus Drop list with SA. > > > > is anybody doing this and can explain it in detail ? > > > > Thanks > > Andreas > > > > "DROP is a tiny subset of the SBL designed for use by firewalls and > routing equipment." > > Using it postqueue is pretty pointless as its basically a "safe" > subset of SBL The suggestion is that it be scored higher for that reason.
Re: using spamhaus droplist with sa ?
On 2011-02-17 16:40, RW wrote: On Thu, 17 Feb 2011 15:29:07 +0100 Yet Another Ninja wrote: On 2011-02-17 15:23, Andreas Schulze wrote: Hello, http://www.spamhaus.org/faq/answers.lasso?section=DROP FAQ mention as very last point to use the Spamhaus Drop list with SA. is anybody doing this and can explain it in detail ? Thanks Andreas "DROP is a tiny subset of the SBL designed for use by firewalls and routing equipment." Using it postqueue is pretty pointless as its basically a "safe" subset of SBL The suggestion is that it be scored higher for that reason. if that is what you wish, you can setup a local rbldnsd zone and query that.
Re: [Q] Adjusting Rule Scores - Which file?
On Thu, 17 Feb 2011, J4K wrote: I am interested in raising the score for the rule RDNS_DYNAMIC. However, I cannot find it in any of the files under /etc/spamassassin. I thought that it would be listed somewhere in this directory. In which file is this located? You do not want to alter the distributed files, as any alterations would be lost on the next upgrade. That rule doesn't appear in any of your local customization files (under /etc/spamassassin) because you've never customized it before. Just put score RDNS_DYNAMIC 1.00 into your local spamassassin .cf file under /etc/spamassassin and restart the daemon. -- John Hardin KA7OHZhttp://www.impsec.org/~jhardin/ jhar...@impsec.orgFALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 --- Gun Control laws aren't enacted to control guns, they are enacted to control people: catholics (1500s), japanese peasants (1600s), blacks (1860s), italian immigrants (1911), the irish (1920s), jews (1930s), blacks (1960s), the poor (always) --- 5 days until George Washington's 279th Birthday
Re: [Q] Adjusting Rule Scores - Which file?
On 02/17/2011 04:45 PM, John Hardin wrote: > On Thu, 17 Feb 2011, J4K wrote: > > You do not want to alter the distributed files, as any alterations > would be lost on the next upgrade. > > That rule doesn't appear in any of your local customization files > (under /etc/spamassassin) because you've never customized it before. > > Just put > > score RDNS_DYNAMIC 1.00 > > into your local spamassassin .cf file under /etc/spamassassin and > restart the daemon. > Thank-you everyone for telling me. Is 1.00 higher than the default. How could I list the default?
Re: Another URL shortening site for the DecodeShortURLs plugin
On 2011/02/17 10:13 AM, Martin Gregorie wrote: I just got spam with a short URL http://www.zoodl.com/19714 in it. www.zoodl.com isn't in DecodeShortURLs.cf so its maintainer may want to add it. I also added x.co to the list. -- /Jason
Re: [Q] Adjusting Rule Scores - Which file?
On 2/17/2011 10:51 AM, J4K wrote: > On 02/17/2011 04:45 PM, John Hardin wrote: >> On Thu, 17 Feb 2011, J4K wrote: >> >> You do not want to alter the distributed files, as any alterations >> would be lost on the next upgrade. >> >> That rule doesn't appear in any of your local customization files >> (under /etc/spamassassin) because you've never customized it before. >> >> Just put >> >> score RDNS_DYNAMIC 1.00 >> >> into your local spamassassin .cf file under /etc/spamassassin and >> restart the daemon. >> > Thank-you everyone for telling me. Is 1.00 higher than the default. > How could I list the default? $ grep RDNS_DYNAMIC /var/lib/spamassassin/3.003001/updates_spamassassin_org/50_scores.cf score RDNS_DYNAMIC 2.639 0.363 1.663 0.982 If you are using Bayes and Network tests, then the last number is what you want. So the default (for SA 3.3.1) is 0.982. Take a look at the man page for Mail::SpamAssassin::Conf for more info on the scores. -- Bowie
Re: [Q] Adjusting Rule Scores - Which file?
On 2/17/2011 10:51 AM, J4K wrote: > How could I list the default? Something like this might get you started: grep -R RDNS_DYNAMIC /var/lib/spamassassin/* | grep -i score
Re: [Q] Adjusting Rule Scores - Which file?
On 02/17/2011 05:33 PM, Bowie Bailey wrote: > On 2/17/2011 10:51 AM, J4K wrote: >> On 02/17/2011 04:45 PM, John Hardin wrote: >>> On Thu, 17 Feb 2011, J4K wrote: >>> >>> You do not want to alter the distributed files, as any alterations >>> would be lost on the next upgrade. >>> >>> That rule doesn't appear in any of your local customization files >>> (under /etc/spamassassin) because you've never customized it before. >>> >>> Just put >>> >>> score RDNS_DYNAMIC 1.00 >>> >>> into your local spamassassin .cf file under /etc/spamassassin and >>> restart the daemon. >>> >> Thank-you everyone for telling me. Is 1.00 higher than the default. >> How could I list the default? > $ grep RDNS_DYNAMIC > /var/lib/spamassassin/3.003001/updates_spamassassin_org/50_scores.cf > score RDNS_DYNAMIC 2.639 0.363 1.663 0.982 > > If you are using Bayes and Network tests, then the last number is what > you want. So the default (for SA 3.3.1) is 0.982. > > Take a look at the man page for Mail::SpamAssassin::Conf for more info > on the scores. > Great. Thanks again. I shall play around with the scores for this.
sa-learn files vs dirs
All other things being the same, which one is faster (maildir here): to feed emails to sa-learn message by message or just provide it with the entire directory?
Re: sa-learn files vs dirs
On Thu, 17 Feb 2011 12:06:44 -0500 Mauricio Tavares wrote: > All other things being the same, which one is faster (maildir > here): to feed emails to sa-learn message by message or just provide > it with the entire directory? Directories are faster, you are only running sa-learn once and not once per email.
Re: using spamhaus droplist with sa ?
On 2011/02/17 9:23 AM, Andreas Schulze wrote: Hello, http://www.spamhaus.org/faq/answers.lasso?section=DROP FAQ mention as very last point to use the Spamhaus Drop list with SA. is anybody doing this and can explain it in detail ? I played around with this a number of years ago and found it fairly useless in the context of blocking spam. The DROP list isn't meant to be used in such a way because this address space isn't typically the actual source of spam. Instead, the space is more likely used to control botnets, run scans, DOS attacks and other day-to-day operations. The DROP list is best used on routers running BGP in an effort to stop everything prior to a spam run. -- /Jason
Re: using spamhaus droplist with sa ?
On 2/17/2011 5:40 AM, RW wrote: The suggestion is that it be scored higher for that reason. Or just outright block all MTA connections from anything listed in zen.spamhaus.org, which seems to be safe. Large sites I know have been doing that for years without any complaints. Warren
date_received for previous hop
Hi list, for some weird reasons... ... I need to know the date where a mail was sent by the previous host (in the mail header chain) to our MTA. From checking HeaderEval.pm I conclude that: (if I'm correct) date_received -> gives me the date where my MTA did accept/take the mail date_header_time -> date where mail was written by some user (MUA) date_diff -> delta of above mentioned values date_diff is (unfortunately) not enough for our specific requirement here... Is there an 'easy' way to get this very specific date of the host one hop back away in the mail headers? TIA, frank\ -- 43rd Law of Computing: Anything that can go wr fortune: Segmentation violation -- Core dumped
Re: Freemail problem
/Very Ancient/ On Thu, 2010-06-10 at 18:40 +0200, Jeremy Fairbrass wrote: > Hi, I've noticed what seems to be unexpected behaviour with the Freemail > plugin, which I'm hoping someone can shed some light on. > > I'm using SpamAssassin 3.2.5, and the "FreeMail.pm" plugin v2.001 from > http://sa.hege.li, along with the rules from the 20_freemail.cf file at the > same location. > My second question is regarding the reference to > (financediamond[at]gmail.com) in the FREEMAIL_FROM results. That email > address does not appear *anywhere* in the entire message! Not in any of the > headers, nor in any part of the body. I've opened up the raw email file from > my mail server and searched the entire thing in a plain text editor, and > there is no reference anywhere to 'financediamond' at all. So why is the > FREEMAIL_FROM rule referring to that address? Is it a bug maybe? Could it > perhaps be crossing wires with another email which my SpamAssassin was > scanning at the same time, or something like that?? > > I am seeing this occasionally myself, including just now, except with 3.3.1 ( hence my search of the mailbox and found this, but only this post) somehow its mixing with addresses from separate emails altogether, this is postfix and SA is called from amavisd-new Was any suggestions given? Cheers signature.asc Description: This is a digitally signed message part
Re: Freemail problem
"Noel Butler" wrote in message news:1297993593.5473.74.camel@tardis... /Very Ancient/ On Thu, 2010-06-10 at 18:40 +0200, Jeremy Fairbrass wrote: Hi, I've noticed what seems to be unexpected behaviour with the Freemail plugin, which I'm hoping someone can shed some light on. I'm using SpamAssassin 3.2.5, and the "FreeMail.pm" plugin v2.001 from http://sa.hege.li, along with the rules from the 20_freemail.cf file at the same location. My second question is regarding the reference to (financediamond[at]gmail.com) in the FREEMAIL_FROM results. That email address does not appear *anywhere* in the entire message! Not in any of the headers, nor in any part of the body. I've opened up the raw email file from my mail server and searched the entire thing in a plain text editor, and there is no reference anywhere to 'financediamond' at all. So why is the FREEMAIL_FROM rule referring to that address? Is it a bug maybe? Could it perhaps be crossing wires with another email which my SpamAssassin was scanning at the same time, or something like that?? I am seeing this occasionally myself, including just now, except with 3.3.1 ( hence my search of the mailbox and found this, but only this post) somehow its mixing with addresses from separate emails altogether, this is postfix and SA is called from amavisd-new Was any suggestions given? Cheers I didn't receive any suggestions. I had hoped that when I would eventually upgrade to 3.3.x (haven't done that yet), that the problem would go away. So I'm sad to hear that it still exists. - Jeremy
